What does this mean when I do spamassassin --lint -D?
RBL: success for 0 of 1 queries
That is with a default local.cf, nothing disabled. Does this have something
to do with Net::DNS?
This is a earlier on the debug output:
debug: is Net::DNS::Resolver available? yes
debug: Net::DNS version: 0.4
Could someone help me determine what these fields represent?
0.001 0 48 1108391722 H*M:hpb
0.001 0 48 1108391722 H*M:hpbrm
0.001 0 55 1108391737 H*r:sk:PUBLIC.
0.001 0 56 1108391737 H*F:U*mthomason
0.001 0 57
Could someone help me determine what these fields represent?
0.001 0 48 1108391722 H*M:hpb
0.001 0 48 1108391722 H*M:hpbrm
0.001 0 55 1108391737 H*r:sk:PUBLIC.
0.001 0 56 1108391737 H*F:U*mthomason
0.001 0 57
At 02:53 PM 2/16/2005, you wrote:
Note: I use Eudora.
Unfortunately, this is a design "feature" of Eudora.. It always extracts
attachments, and has to, as it does not support leaving them in the
message mailbox. This has lead to numerous security exploits against
eudora in the past. Since the at
At 05:35 PM 2/16/2005, Evan Platt wrote:
I only seem to have this problem on this list and the mrtg lists...
however a number of messages come with attachments. Looking at them, they
appear to generally be PGP keys. Not a major issue, but now I have dozens
of them (well, more).
Not to pick on
Some more ideas
I have confixx installed, and my email is forwarded through a virtual
user table. That means my account [EMAIL PROTECTED] will be forwarded to
[EMAIL PROTECTED] Does that actually mean the mail will be passed to
postfix again (and therefor to SA as well??)
That could be my p
They're S/MIME digital signatures. Eudora has a habit of automatically
extracting (and severing) attachments and plopping them on the drive
somewhere of the user's choosing, providing a link to it in the email.
Most of us use clients that behave radically different. Eudora should
probably not e
I only seem to have this problem on this list and the mrtg lists... however
a number of messages come with attachments. Looking at them, they appear
to generally be PGP keys. Not a major issue, but now I have dozens of them
(well, more).
Not to pick on people, but just in the last few days, I
Based on Matt's email I went back and checked the date on the spamd
executable and found that it was still the 2.64 version and was located in
/usr/sbin. When I did the update/reinstall it was installing the spamd in
the /usr/bin directory so that the old one was never being updated. Needless
to sa
Anyways, shouldn't SA be intelligent enough to scan mails only once by
seeing the X-flags and stop further processing?
Since the X-Spam-* headers can be forged, we ignore them.
Thanks, I almost expected that. That leaves my problem back to
- Why is SA scanning my mails twice even though p
On Wed, Feb 16, 2005 at 11:21:53PM +0100, Daniel Draes wrote:
> Anyways, shouldn't SA be intelligent enough to scan mails only once by
> seeing the X-flags and stop further processing?
Since the X-Spam-* headers can be forged, we ignore them.
--
Randomly Generated Tagline:
"Kluge.net belongs to
Hence my problem.
>>From my local.cf which is not overridden anywhere
skip_rbl_checks 0
dns_available yes
>>From etc/procmailrc
SPAMC="/usr/bin/spamassassin"
:0f
|$SPAMC
but the surbl checks only occur when I do spamassassin -t <
file_w_msg
and not when procmail does the forwarding.
I am a
Hi,
nobody any more help here?
I am glad to provide more details about my config if needed.
Anyways, shouldn't SA be intelligent enough to scan mails only once by
seeing the X-flags and stop further processing?
Thx,
Daniel
Usually that means the message has been double-scanned..
First at the MTA
First, tell me if there's anything wrong with this summary:
1. A message arrives and is passed to spamassassin and/or spamc+spamd.
2. The score for that message is computed.
3. The AWL score for that sender is updated.
4. The message was mis-classified, so after delivery the user feeds
the message
Suggestions? I installed using perl -MCPAN -e shell, is there a way to
remove the old and then reinstall the new?
Terry
-Original Message-
From: Matt Kettler [mailto]
Sent: Wednesday, February 16, 2005 2:38 PM
To: Terry Poperszky; users@spamassassin.apache.org
Subject: Re: SA not modifyi
On Wed, Feb 16, 2005 at 04:50:52PM -0500, Thomas Bolioli wrote:
> Is there any way to reverse -L --local for the spam assassin binary. It
> seems to be on, despite the fact that I use a global procmailrc file and
> it clearly has /usr/bin/spamassassin as the inary to exec without any
> switches.
At 04:34 PM 2/16/2005, [EMAIL PROTECTED] wrote:
We have a script that does some unattended spam learning from a designated
spam box that our users report spam to. I ran a dump on the bayes db and I
noticed some tokens that shouldn't be ranked so highly, so I started
watching the spam box and it se
Is there any way to reverse -L --local for the spam assassin binary. It
seems to be on, despite the fact that I use a global procmailrc file
and it clearly has /usr/bin/spamassassin as the inary to exec without
any switches.
Tom
Theo Van Dinter wrote:
On Wed, Feb 16, 2005 at 03:58:18PM -05
At 02:57 PM 2/16/2005, Terry Poperszky wrote:
SpamAssassin 3.0.2
Feb 16 12:43:48 s2 spamd[29770]: connection from localhost [127.0.0.1] at
port 39476
Feb 16 12:43:48 s2 spamd[5761]: info: setuid to aguerob succeeded
Feb 16 12:43:48 s2 spamd[5761]: processing message
<[EMAIL PROTECTED]> for
aguer
We have a script that does some unattended spam learning from a designated
spam box that our users report spam to. I ran a dump on the bayes db and I
noticed some tokens that shouldn't be ranked so highly, so I started
watching the spam box and it seems that some users got "confused" and
reported
On Wed, Feb 16, 2005 at 10:23:11PM +0100, Philipp Snizek, seaan.net ag wrote:
>
> Mails I cannot tell for sure whether it's spam is delivered to a
> quarantine inbox. Mostly, it is spam. Such stuff I would like to
> forward per email to the mail gateway doing the antispam stuff.
> Problem is that
* Philipp Snizek, seaan.net ag <[EMAIL PROTECTED]>:
> Mails I cannot tell for sure whether it's spam is delivered to a
> quarantine inbox. Mostly, it is spam. Such stuff I would like to
> forward per email to the mail gateway doing the antispam stuff.
> Problem is that the original header gets los
> > Is there a way how to feed SA with the body token only? This would
> > really make my work a lot easier.
> >
>
> Doesn't sound wise. What problem are you trying to solve?
Mails I cannot tell for sure whether it's spam is delivered to a
quarantine inbox. Mostly, it is spam. Such stuff I
>>From the original email I used as seed for the test. Note, no surbl
test hit.
Tom
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on
nova.terranovum.com
X-Spam-Level: **
X-Spam-Status: Yes, score=6.6 required=4.0 tests=BAYES_99,BIZ_TLD,
CONSOLIDATE_DEBT,G
Hello,
a lot of questions in this list are about the spam : ham ratio to be trained
and how much mails should be trained. One continuously read myth is the 1 : 1
ratio.
I read an article about the best ratio as 1 : 1 and it was expirienced by a
test and later on derived from the bayesian theo
On Wed, Feb 16, 2005 at 03:58:18PM -0500, [EMAIL PROTECTED] wrote:
> New output. Notice it worked this time. But that same email does not show
> the
> surbl report.
What do you mean "the surbl report"? The hits showed up in the Report you
listed just fine (I added -MUNGED to avoid hitting other'
On Wed, Feb 16, 2005 at 03:36:35PM -0500, [EMAIL PROTECTED] wrote:
> The email I ran lint on had a domain in it.
>
> spamassassin --lint -D < /tmp/test_spam
You can't do that. --lint does a lint. Perhaps you want -t for test?
--
Randomly Generated Tagline:
"Look, Daddy, a whale egg!"
I have SA 3.0.0 on Mandrake 10.1 and I am running everything through
procmail and am not running spamd. I believe that is the default for
10.1. Anyhow, I am not seeing surbl reports in any of the spam I am
receiving and I can't imagine that is normal. I checked the tests and
they are indeed there.
[EMAIL PROTECTED] wrote:
I've been playing with getting clamav and spamassassin run from within
sendmail and have had a great deal of luck on a fine RHEL box.
First go-round, I set up procmail as the LDA, set up an /etc/procmail that
ran spamassassin. Next, I used milter instructions to run spama
I just upgraded from 2.64, to 3.02 this morning. Spamd is
running just fine, but it is not modifying the headers of the email at all. I
find the following errors in my mail log. Can someone point me in the proper
direction?
Terry
SuSe 9.1
Postfix 2.0.4
SpamAssassin 3.0.2
I've been playing with getting clamav and spamassassin run from within
sendmail and have had a great deal of luck on a fine RHEL box.
First go-round, I set up procmail as the LDA, set up an /etc/procmail that
ran spamassassin. Next, I used milter instructions to run spamassassin
within sendmail.
On Wed, Feb 16, 2005 at 08:05:44PM +0100, Philipp Snizek, seaan.net ag wrote:
>
> Is there a way how to feed SA with the body token only? This would
> really make my work a lot easier.
>
Doesn't sound wise. What problem are you trying to solve?
Michael
pgpnPFzYAMzjx.pgp
Description: PGP sign
> > SA 3.x uses the same tokens, but dumps them into SHA1, so
> you just get
> > numeric gibberish. You can't tell what the token is, but
> you can tell
> > if another token is the same.
> >
>
> What do you mean you can't tell what the token is? I can.
>
> Guess it just takes practice :)
On Wed, Feb 16, 2005 at 01:22:12PM -0500, Matt Kettler wrote:
>
> SA 3.x uses the same tokens, but dumps them into SHA1, so you just get
> numeric gibberish. You can't tell what the token is, but you can tell if
> another token is the same.
>
What do you mean you can't tell what the token is?
At 04:44 AM 2/16/2005, Chris Withers wrote:
> Really, all you need to do is make sure Net::DNS is installed..
How'd I do that?
it's a perl module, install it from a package or with cpan.
And how do I test this is working as you expect once I've done what you
suggest?
spamassassin --lint -D
Look fo
At 01:01 PM 2/16/2005, Philipp Snizek, seaan.net ag wrote:
I use SpamAssassin for a while now and must say it really is an
extremely fine piece of software.
I have a question about sa-learn. I run SA on a mail gateway. I intend
to write a shell script that enables me to send an email to the mail
ga
From: "Philipp Snizek, seaan.net ag" <[EMAIL PROTECTED]>
Hi
I use SpamAssassin for a while now and must say it really is an
extremely fine piece of software.
I have a question about sa-learn. I run SA on a mail gateway. I intend
to write a shell script that enables me to send an email to the mai
Hi
I use SpamAssassin for a while now and must say it really is an
extremely fine piece of software.
I have a question about sa-learn. I run SA on a mail gateway. I intend
to write a shell script that enables me to send an email to the mail
gateway with a command, e.g. 'learn' and the text of the
On Feb 5, 2005, at 2:58 PM, Rich wrote:
On Mon, 20 Dec 2004 13:47:25 -0500 (EST), Rich <[EMAIL PROTECTED]>
wrote:
Am Montag, 20. Dezember 2004 14:36 schrieb Rich:
Some messages trigger the following error:
Parsing of undecoded UTF-8 will give garbage when decoding
entities at
/usr/local/lib/per
FH wrote:
> It was less than 1/2 hour because I was experimenting w/ the commands
> and the new email came in so I decided to use that one ;)
>
> Initial email:
> X-Spam-Status: No, score=1.9 required=4.0 tests=BAYES_99 autolearn=no
> version=3.0.2
>
> After running it through the spamassassi
>My next step would be to write something that would analyse my logs to
>see exactly what the rules are doing - and to try razor.
Here ya go! Ninja D is da man! :)
>I just whipped up a quick maillog parser display top rules firing in
>3.0. It reads all maillog* files and generates top firin
-- Original Message --
Received: Wed, 16 Feb 2005 12:31:49 AM EST
From: Robert Menschel <[EMAIL PROTECTED]>
To: FH <[EMAIL PROTECTED]>Cc: users@spamassassin.apache.org
Subject: Re[4]: Care and feeding instructions for SpamAssassin?
> >> Next time you get one of those spam that sneaks throu
At 09:38 AM 2/16/2005, Andrew Afliatunov wrote:
But how spamd will know what ldap server to contact?
Well clearly this has *nothing* to do with the --setuid-with-ldap
parameter. --setuid-with-ldap can't tell SA what ldap server to use.
Note: you still probably want to pass -x and --ldap-config b
Hi,
On Tue, Feb 15, 2005 at 09:03:14PM -0800, Robert Menschel wrote:
>GG> Lint output: warning: score set for non-existent rule SARE_MSGID_IP
>GG> warning: score set for non-existent rule SARE_TOCC_NONE
>GG> lint: 2 issues detected. please rerun with debug enabled for more
>information.
>
>GG>
Hey Joe. My 2.64 install is running so well, I almost don't want to
upgrade to 3.0.2, and I really don't need to spend too much time on it
to keep it that way. Perhaps you just need to devote a couple of
days to do some tweaking and thereafter it should run well on its own.
Finding out w
Matt Kettler wrote:
At 02:12 AM 2/15/2005, Andrew Afliatunov wrote:
I use spamassassin-3.01 in site-wide mode (spamd+spamc) on Linux
Slackware-9.1 mail server.
Everything worked just fine - about 300 spam-letters dayly was
filtered. But then I made system to look up mail-users in ldap
database.
Joe
ahh well thenthe additional rules from www.rulemporium.com (not
bigevil.cf) will help alot.
as will the URI-RBL extras from www.surbl.org (see
http://sourceforge.net/projects/spamcopuri/ for a 2.64 patch to enable
this).
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Te
Interesting Chris...thanks for the feedback...at least maybe I'm still
on the planet somewhere..
My "monthly" word means that I've been feeling too good about myself
lately, so I'm due for a slap-down on how dumb I am.
J
Chr. von Stuckrad wrote:
On Wed, Feb 16, 2005 at 08:26:43AM -0500, Joe Flo
2.64 currently...I'm hoping to move to 3.0x soon...after I see how this
experiment goes.
It's just a plain-jane out-of-the-box install, nothing special, except
maybe I'm doing AWL checks too, which I've seen from the list can cause
some headaches from its use or misuse. Although, I have run this
On Wed, Feb 16, 2005 at 08:26:43AM -0500, Joe Flowers wrote:
> For us, SA *seems* to score SPAM messages with lower and lower hit
> scores as time goes by, and the users get more and more glassy-eyed over
> it's ("my" if you prefer) effectiveness as time goes by too.
OH, interesting, I think I h
Joe
what SA version and what extra rules? Using the URI-RBL's?
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Joe Flowers wrote:
Later today I'll be implementing a "drifting" spam/ham dividing line
(one "line" for the entire system - not individually set per
Later today I'll be implementing a "drifting" spam/ham dividing line
(one "line" for the entire system - not individually set per email
account) to see how effective it is or how effective it appears to be.
I'm curious to know if the dividing line will drift into a wall on some
self-imposed bou
Chris S
May I suggest.
do a change - make sure the comment that gets displays by the RDJ says
this rule will be deleted in a week.
after a week take it off the rulesemporium siteall the RDJ will 404
on it..
just a thought.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel:
Matt Kettler wrote:
Can you explain how I make that switch or refer me to any relevent docs?
Really, all you need to do is make sure Net::DNS is installed..
How'd I do that?
And how do I test this is working as you expect once I've done what you
suggest?
Chris
--
Simplistix - Content Management,
On Tuesday, February 15, 2005, 10:45:47 AM, Justin Mason wrote:
> Austin Weidner writes:
>> Why am I getting around 20 lines of this in a spamassassin --lint -D:
>>
>> debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa89414c)
>> inhibited further callbacks
>>
>> What is URIDNSBL and wh
Thanks to everybody who responded to my email.
I have learnt a lot, added a few filters, removed some and removed the
awl-option.
> Average spam blocked per minute for the last
>
> Day WeekMonth Year (Since April-June last year)
> mail1 5.946.217.678.20
> mail2
Hello FH,
Tuesday, February 15, 2005, 3:40:43 PM, you wrote:
>> Next time you get one of those spam that sneaks through, run
>> > spamassassin -D output 2>debug.out
F> There must be a disconnect somewhere. I just did this w/ a "drugs
F> online" spam I just received. When it first came in it had
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Robert Menschel writes:
> Hello George,
>
> Tuesday, February 15, 2005, 7:29:07 PM, you wrote:
>
> GG> On Sat, Feb 12, 2005 at 02:26:02PM -0800, Robert Menschel wrote:
> >>Just a quick note that SARE's header rules files have been updated.
> >>Infor
Hello George,
Tuesday, February 15, 2005, 7:29:07 PM, you wrote:
GG> On Sat, Feb 12, 2005 at 02:26:02PM -0800, Robert Menschel wrote:
>>Just a quick note that SARE's header rules files have been updated.
>>Information concerning these rules files can be found at
>>http://www.rulesemporium.com/rul
Hi!
We've just successfully setup SA 3.0.2 on our Apple X Serve 10.3.8,
using postfix, procmail, and Squirrelmail.
I have trained the Bayes with some spam archives and I would like our
users to send mail to a specific mailbox for training.
For certain specific users, I have had them add IsSpam
On Sat, Feb 12, 2005 at 02:26:02PM -0800, Robert Menschel wrote:
>Just a quick note that SARE's header rules files have been updated.
>
>Information concerning these rules files can be found at
>http://www.rulesemporium.com/rules.htm#header
>
BTW - know anything about SARE_MSGID_IP and SARE_TOCC_N
>
>
> Chris Santerre wrote:
The 1:1 ratio is a mistake based on a wrong interpretation of
>>>
>>>the bayes=20
>>>
theorem. I have a ham : spam ratio of 1 : 40.
>>>
>> Also:
>> "I thing bayes is a very good addition to individual rules. And when
>> it's
>> trained propper it works fine. "
>>
Cool link and many thanks, but the issue for me is how to keep the sa
db's synched. afaik the tokens etc are unique - so how to get those to
balance?
'Course, it could be I'm being entirely dense (not a 1st) :-D
Nigel
On Tue, 15 Feb 2005 17:41:16 -0600, Michael Parker <[EMAIL PROTECTED]>
wrote:
63 matches
Mail list logo
